CVE-2025-53606

CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server

Vendor Apache Software Foundation

Product Apache Seata (incubating)

Weakness CWE-502 · Unsafe deserialization

Published August 8, 2025

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.

Key dates

Disclosure timeline

August 8, 2025 CVE published

November 4, 2025 Record updated